CVE-2026-29126

Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver (affected versions not specified)

Description A misconfiguration involving incorrect permission assignment of a world-writable file, specifically /etc/udhcpc/default.script, exists. This allows a local, unprivileged attacker to potentially execute arbitrary commands with root privileges. The issue stems from the modification of a root-owned, world-writable BusyBox udhcpc DHCP event script. This script is executed during DHCP lease events – obtaining, renewing, or losing a lease – leading to potential local privilege escalation and persistence.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.